ID

VAR-202508-3053


CVE

CVE-2025-30099


TITLE

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22717)

Trust: 0.6

sources: CNVD: CNVD-2025-22717

DESCRIPTION

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS), Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication.

Trust: 1.44

sources: NVD: CVE-2025-30099 // CNVD: CNVD-2025-22717

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22717

AFFECTED PRODUCTS

vendor: dell, model: data domain operating system, scope: gte, version: 7.7.1.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 7.13.1.30

Trust: 1.0

vendor: dell, model: data domain operating system, scope: gte, version: 7.11.0.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: gte, version: 8.0.0.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 7.10.1.60

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 8.3.0.10

Trust: 1.0

vendor: dell, model: powerprotect data domain, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-22717 // NVD: CVE-2025-30099

CVSS

SEVERITY

security_alert@emc.com: CVE-2025-30099
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-22717
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-22717
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

security_alert@emc.com: CVE-2025-30099
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-22717 // NVD: CVE-2025-30099

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2025-30099

PATCH

title: Patch for Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22717)
url: https://www.cnvd.org.cn/patchInfo/show/738271

Trust: 0.6

sources: CNVD: CNVD-2025-22717

EXTERNAL IDS

db: NVD, id: CVE-2025-30099

Trust: 1.6

db: CNVD, id: CNVD-2025-22717

Trust: 0.6

sources: CNVD: CNVD-2025-22717 // NVD: CVE-2025-30099

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-30099

Trust: 0.6

sources: CNVD: CNVD-2025-22717 // NVD: CVE-2025-30099

SOURCES

db: CNVD, id: CNVD-2025-22717
db: NVD, id: CVE-2025-30099

LAST UPDATE DATE

2025-10-16T23:32:28.337000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22717, date: 2025-09-28T00:00:00
db: NVD, id: CVE-2025-30099, date: 2025-10-16T14:39:43.847

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22717, date: 2025-09-28T00:00:00
db: NVD, id: CVE-2025-30099, date: 2025-08-04T15:15:31.887